Note From The Author, Gus
Thank you for visiting our site. I hope the information herein was useful to you.
I was recently asked my opinion about email security awareness and training; my response was that it is crucial that it be conducted. The problem I see, though, is that many small to mid-size organizations are confused as to what specifically to do and are hesitant to spend money beyond some basic internal audit.
This article is a review of Phishme, an Internet-based email security awareness and training program I recently stumbled across; their website is phishme.com.
This will simply be a cursory review of what they bring to the table, usability rating, practicality, effectiveness, user response, and the service’s value.
One of the least-understood threats to any computer or network system is phishing. For a good understanding of phishing, you can get it straight from the horse's mouth: What is Phishing? In that article, it is pointed out, "No longer relying on a wide net of random emails, proclaiming deep discounts on prescription drug sales, the Nigerian Scam or links to login to online banking sites, phishing attacks these days are much more targeted and sophisticated."
~Phishme.com
By definition, Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
~Wikipedia
Spyware, viruses, and phishing can have devastating effects. If you have ever had your computer hard drives infected with Conficker, you know how devastating a botnet can be. Training properly is the only way to reduce the risks in this digital world.
Phishme, a security awareness program, is simply an online computer security and threat awareness training program. In short, Phishme mimics what a cyber-criminal may use to infiltrate your company's network by means of phishing, and teaches how to manage such real threats for better online safety.
The overall objective of this program is to help employees be more aware of the warning signs of such threats, and to reduce the risk of computer users falling victim to malicious bank notifications, retailer offerings, and bogus company emails.
There are no infrastructure or hardware requirements, outside of an Internet connection via your traditional Internet Service Provider. The program does not at all compromise any aspect of your existing network, leave computer systems vulnerable to real attacks, or retain any personal information.
I would have to say that the user interface, or Wizard, is very clean and understandable. Developing a session for email security training is simple to set up and initiate. Moreover, it would not take an IT administrator to set up such a session. An example may be a compliance scenario for human resources.
Their program is very user-friendly, and not only does it not require programming, there are illustrations guiding you through each step. This makes it easy enough for any user with access to create a training program. The wizard actually goes through each aspect of the setup, such as generating a proper email header, Subject tagline, body and appropriate testing links.
Additionally, you may select from basic templates that help you produce seemingly authentic emails designed for training. Once finished creating the training email, you will be asked to schedule the send. You can designate who to send the training email to via predefined Recipient Groups.
One of the scenarios displays a password-protected access page. If this were an actual phishing attack, the user would be sending the hacker their username and password. The entire activity is recorded for security awareness training purposes. This is just one of several cyber security sessions you can generate.
Phishme delivers real-world scenarios, using an authentic-looking training program on their own system, and produces outcomes that can be analyzed and trained for.
Phishme allows these training sessions to avoid storing personal information and to retain only click-related data. This greatly reduces user uneasiness about being tracked and having their personal information collected.
The cost is on a per-email basis. For a twelve-month period you can run as many email training sessions as needed, though the number of users is limited. The overall cost is seemingly small in comparison to the number of threat emails received every year and the impact phishing can have on organizations.
In all, Phishme is an effective and efficient online security awareness and training program. You will find definite value in the services they provide, without alienating the users. Visit phishme.com for more information.